CSO Online: Chris Dimitriadis
https://www.csoonline.com
Sun, 07 Jun 2020 01:28:19 -0700

COVID-19 pandemic accelerates transformation in enterprise security
Tue, 12 May 2020 03:00:00 -0700
Chris Dimitriadis

We were already on our way to being a digital-first economy. The global COVID-19 pandemic, though, expedited the shift away from the last remnants of traditional operating models and placed further emphasis on the security measures that will be needed to support remote work, online-only models and other evolving norms on the business landscape. Fully digital businesses are the new reality.

(Insider Story) https://www.csoonline.com/article/3534495/5-reasons-security-staff-leave-and-what-to-do-about-it.html

5G without governance is risky business
Fri, 27 Mar 2020 03:00:00 -0700
Chris Dimitriadis

It is easy to understand the enthusiasm around the rise of 5G technology. In an era in which speed and connectivity are foundational ingredients in enterprises’ growth strategy, 5G presents unprecedented potential for businesses to innovate rapidly. Factor in the widespread proliferation of internet of things (IoT) devices in recent years — and how 5G’s vaunted bandwidth can accelerate IoT implementations — and the table is set for 5G to make a major impact in the new decade. But before racing toward a project at 5G-like speed, enterprises should ensure a governance framework is in place to support the project and make the time, effort and expense worthwhile.

We know artificial intelligence will loom large in the next decade, and we know cybersecurity will be critically important as well. How those two forces intersect sets up as one of the most fascinating – and consequential – dynamics that will shape society’s well-being in the 2020s.

According to ISACA’s new Next Decade of Tech: Envisioning the 2020s research, cybersecurity is the area in which AI has the potential to have the most positive societal impact in the next decade, with areas such as healthcare, scientific research, customer service and manufacturing also among the top responses offered by the 5,000-plus global survey respondents.

https://www.csoonline.com/article/3505959/who-will-harness-ai-more-effectively-in-the-new-decade-cybercriminals-or-cybersecurity-professional.html

Ignorance is not bliss when it comes to defending against the dark web
Tue, 12 Nov 2019 07:36:00 -0800
Chris Dimitriadis

The dark web ecosystem continues to evolve as a place where cybercriminals can sell and access stolen data, purchase black-market items such as guns, drugs and hacking software, and connect with like-minded individuals. As is the case in any supply-and-demand scenario, since there remains a strong demand for these and other items, the dark web will remain a popular hub for the foreseeable future. That, in turn, puts security professionals and their enterprises in the position of needing to gain a deeper understanding of the dark web and how to mitigate its various risks.

In many cases, organizations have a long way to go in this regard. Even the name “dark web” connotes a taboo that, unfortunately, causes many organizations to shy away from giving this space the attention that it deserves. While there are areas of the dark web that need to be dealt with cautiously, the dark web’s basic contents, pathways and major risks should be well-understood by organizations’ security teams.

Cyber risk has understandably become a focal point for enterprise risk managers, but the risk landscape is multi-layered and extends beyond the realm of cybersecurity. In addition to contending with a daunting array of cyberthreats, enterprises are determining how much risk they are willing to accept in deploying emerging technologies, working through a heightened focus on customer privacy and adjusting to changes in the regulatory environment.

New industry research from ISACA, CMMI Institute and Infosecurity shows that enterprises are struggling to manage and optimize their risk, not only when it comes to confronting cyber risk, but in gathering a firmer handle on the holistic enterprise risk environment. Below is my perspective on three data points from the research that I found to be particularly significant:

The increasing emphasis on data privacy gained widespread attention last year with the enforcement deadline of the General Data Protection Regulation (GDPR). Regardless of your perspective on GDPR and its impact on enterprises, the need for organizations to provide more robust solutions to protecting customers’ data is only going to escalate as data sources continue to proliferate and the regulatory environment continues to evolve.

While many organizations remain in the early stages of determining if and how blockchain fits into their digital transformation plans, the role blockchain can play in driving toward improved data privacy in addressing regulatory requirements such as GDPR could serve as an additional factor in their considerations.

About the only thing shifting as fast as the cyber threat landscape is the typical enterprise’s org chart. As enterprises aim to keep pace with the rapidly evolving digital economy, many are restructuring internal departments, hiring criteria and the processes by which they develop and distribute products, all with the overarching objective of becoming more proficient at rapidly responding to new opportunities in the marketplace.

In making these well-intentioned adjustments, the ability for enterprises to establish robust, broadly integrated cybersecurity as a core capability of their recalibrated operation will be one of the best predictors of whether these changes will prove successful.

If there is one universal truth we’ve learned from developments on the cybersecurity landscape in recent years, it’s that none of us are free from cyberthreats. Attackers identify and exploit vulnerabilities wherever they might exist, regardless of the target’s geographic location, whether the target is an individual or an enterprise, or which industry sector the target represents.

By the same token, attackers are equally capable of wreaking havoc whether their target is based on land or sea. Consider that more than 70 percent of the earth is covered by water, add an expanding attack surface for the vessels journeying across those waters, and cybercriminals have no shortage of maritime targets that they can aim to exploit.

In ISACA’s State of Cybersecurity 2019 research released this month, a combined 75 percent of security professionals responding to the survey assert that most enterprises underreport cybercrime, including 50 percent who believe that organizations underreport cybercrime even when legally required to report it.

There is a well-known saying that the first step to solving a problem is acknowledging that there is a problem, but these numbers suggest that enterprises would still rather sweep cyber incidents under the rug than face the often-unpleasant realities of today’s threat landscape. There are a number of reasons why organizations resist reporting cyber incidents, but the failure to disclose incidents is short-sighted and ultimately opens the enterprise to far greater risk in the long term.

The innovative capabilities of technology – as well as the potency of that technology – are advancing at a remarkable pace, creating new possibilities in today’s digital economy. This is mostly wonderful, with one large caveat: we must keep in mind that just because we have the ability to deploy a new technological innovation does not mean that we should. The need to prioritize digital ethics is becoming increasingly important for all organizations that are mindful about the imprint that they are leaving on society.

The transformative ways in which new technologies – particularly artificial intelligence – are being utilized call for deeper discussions around the ethical considerations of these deployments. Depending on the organization and its level of ambition for implementing these technologies, that might even include the need for a chief ethics officer to ensure these issues receive appropriate attention at high levels of the organization.

Devising and properly executing strong cybersecurity programs is an imperative that overlaps virtually all industries and sectors, but pharmaceutical companies face a special level of responsibility. It is essential that consumers are able to trust in their prescription drugs and related medical treatments, and that patients are able to reliably access them while also having their data privacy protected.

It is no exaggeration to say that accessing the treatments pharmaceutical companies develop and distribute can be a matter of life and death to consumers, so the need to protect the integrity and availability of those products cannot be overstated. This is particularly true in an era in which big data enable personalized medicine and can be used to provide personalized drug prescriptions that can be fatal if integrity is breached.

As much as tools and technology evolve in the cybersecurity industry, organizations remain reliant on clever, well-trained humans with incisive critical thinking skills to protect themselves from the perilous cyber threat landscape. But just as the threat landscape continues to expand, so, too, does the corresponding skills gap that puts organizations at risk of major financial losses and irreversible damage to their brand reputations.

Finding and retaining a sufficient pool of qualified cybersecurity professionals grows ever more challenging, as reflected in ISACA’s recent State of Cybersecurity 2019 research. The retention piece can be especially problematic, particularly for organizations that face substantial resource limitations. Better financial incentives, such as higher salaries and more lucrative bonuses, overwhelmingly came across as the top reason why cybersecurity professionals change jobs, with other considerations such as career development opportunities and better work culture/environment also factoring in among the leading reasons.

If there were any question about the critically important role that information and cyber security practitioners play in the welfare of today’s society, there is new evidence spelling it out in stark, attention-grabbing terms.

Data fraud/theft and large-scale cyberattacks were each identified among the top five global threats in the latest edition of the World Economic Forum’s Global Risks Report. The other elements on the list: extreme weather events, failure of climate change mitigation and major natural events, such as earthquakes and tsunamis.

As the new year begins and business leaders refine their 2019 plans, how to effectively deploy technology increasingly will be a focal point of conversations in the boardroom and elsewhere throughout the enterprise. While trending technologies such as artificial intelligence, blockchain and 5G wireless networks command much of the mindshare in the new year, one technology that might no longer be deemed buzzworthy should nonetheless be a major consideration in 2019 for the C-suite and security teams alike – how to derive value while mitigating risk from big data.

The term “big data” has been in circulation for many years, but big data continues to evolve in scope and capability, especially with AI, augmented analytics and other emerging technologies enabling data to be harnessed in more sophisticated fashion. ISACA’s 2018 Digital Transformation Barometer shows that big data remains the technology most capable of delivering organizations transformative value, and it is easy to see why. The positive potential of big data is enormous, spanning virtually all industries and impacting both the public and private sectors. Of critical importance, organizations can tap into big data sets to better understand their customers and configure predictive models that allow them to be more strategic and proactive in their business planning.